Third party validation of web content

US 9,917,908 B1
Filed: 01/30/2017
Issued: 03/13/2018
Est. Priority Date: 01/30/2017
Status: Active Grant

First Claim

Patent Images

1. A method in a first server, comprising:

receiving, from a client network application, a first request for a first network resource, wherein the first network resource is an online advertisement;

retrieving the requested first network resource, wherein the requested first network resource is handled by a second server that is different than the first server;

validating whether at least a portion of the retrieved first network resource conforms to a set of one or more rules, wherein the at least the portion of the retrieved first network resource to be validated includes HTML of the at least the portion of the retrieved first network resource;

responsive to determining that the at least the portion of the retrieved first network resource conforms to the set of one or more rules, cryptographically signing the at least portion of the retrieved first network resource thereby creating a digital signature;

transmitting a first response to the client network application that includes the at least the portion of the retrieved first network resource and the digital signature;

determining that the requested first network resource includes a reference to a second network resource;

retrieving the second network resource; and

storing the retrieved second network resource in cache available to the first server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A first server receives, from a client network application, a request for a network resource. The first server retrieves the requested network resource, where the requested network resource is handled by a second server that is different than the first server. The first server validates whether at least a portion of the retrieved network resource conforms to a set of one or more rules. If it does, the first server cryptographically signs the at least portion of the retrieved network resource thereby creating a digital signature. The first server transmits a response to the client network application that includes the at least the portion of the retrieved network resource and the digital signature. The client network application is configured to validate the first digital signature that validates that the portion of the network resource conforms to the set of rules.

Citations

15 Claims

1. A method in a first server, comprising:
- receiving, from a client network application, a first request for a first network resource, wherein the first network resource is an online advertisement;
  
  retrieving the requested first network resource, wherein the requested first network resource is handled by a second server that is different than the first server;
  
  validating whether at least a portion of the retrieved first network resource conforms to a set of one or more rules, wherein the at least the portion of the retrieved first network resource to be validated includes HTML of the at least the portion of the retrieved first network resource;
  
  responsive to determining that the at least the portion of the retrieved first network resource conforms to the set of one or more rules, cryptographically signing the at least portion of the retrieved first network resource thereby creating a digital signature;
  
  transmitting a first response to the client network application that includes the at least the portion of the retrieved first network resource and the digital signature;
  
  determining that the requested first network resource includes a reference to a second network resource;
  
  retrieving the second network resource; and
  
  storing the retrieved second network resource in cache available to the first server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - determining that the retrieved first network resource includes the at least the portion of the retrieved first network resource is to be validated against the set of one or more rules including determining whether a specific header that indicates validation is to be performed against the set of one or more rules is included in a response having the first network resource.
  - 3. The method of claim 1, further comprising:
    - receiving a request for the second network resource, wherein the request for the second network resource is received after the step of retrieving the second network resource;
      
      retrieving the second network resource from the cache available to the first server; and
      
      transmitting the response to the client network application.
  - 4. The method of claim 1, further comprising:
    - transmitting the retrieved second network resource to the client network application regardless of whether the client network application requests the second network resource.
  - 5. The method of claim 1, wherein prior to validating whether at least the portion of the retrieved first network resource conforms to a set of one or more rules, performing a set of one or more transformations on HTML of the first network resource.

6. A non-transitory machine-readable storage medium that provides instructions that, when executed by a processor of a first server, cause said processor to perform operations comprising:
- receiving, from a client network application, a first request for a first network resource, wherein the first network resource is an online advertisement;
  
  retrieving the requested first network resource, wherein the requested first network resource is handled by a second server that is different than the first server;
  
  validating whether at least a portion of the retrieved first network resource conforms to a set of one or more rules, wherein the at least the portion of the retrieved first network resource to be validated includes HTML of the at least the portion of the retrieved first network resource;
  
  responsive to determining that the at least the portion of the retrieved first network resource conforms to the set of one or more rules, cryptographically signing the at least portion of the retrieved first network resource thereby creating a digital signature;
  
  transmitting a first response to the client network application that includes the at least the portion of the retrieved first network resource and the digital signature;
  
  determining that the requested first network resource includes a reference to a second network resource;
  
  retrieving the second network resource; and
  
  storing the retrieved second network resource in cache available to the first server.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The non-transitory machine-readable storage medium of claim 6, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to perform operations comprising:
    - determining that the retrieved first network resource includes the at least the portion of the retrieved first network resource is to be validated against the set of one or more rules including determining whether a specific header that indicates validation is to be performed against the set of one or more rules is included in a response having the first network resource.
  - 8. The non-transitory machine-readable storage medium of claim 6, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to further perform operations comprising:
    - receiving a request for the second network resource, wherein the request for the second network resource is received after the step of retrieving the second network resource;
      
      retrieving the second network resource from the cache available to the first server; and
      
      transmitting the response to the client network application.
  - 9. The non-transitory machine-readable storage medium of claim 6, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to further perform operations comprising:
    - transmitting the retrieved second network resource to the client network application regardless of whether the client network application requests the second network resource.
  - 10. The non-transitory machine-readable storage medium of claim 6, wherein prior to validating whether at least the portion of the retrieved first network resource conforms to a set of one or more rules, performing a set of one or more transformations on HTML of the first network resource.

11. An apparatus, comprising:
- a first server including a processor and a non-transitory machine-readable storage medium coupled with the processor that stores instructions that, when executed by the processor, cause said processor to perform the following;
  
  receive, from a client network application, a first request for a first network resource, wherein the first network resource is an online advertisement;
  
  retrieve the requested first network resource, wherein the requested first network resource is handled by a second server that is different than the first server;
  
  validate whether at least a portion of the retrieved first network resource conforms to a set of one or more rules, wherein the at least the portion of the retrieved first network resource to be validated includes HTML of the at least the portion of the retrieved first network resource;
  
  responsive to a determination that the at least the portion of the retrieved first network resource conforms to the set of one or more rules, cryptographically sign the at least portion of the retrieved first network resource thereby creating a digital signature;
  
  transmit a first response to the client network application that includes the at least the portion of the retrieved first network resource and the digital signature;
  
  determine that the requested first network resource includes a reference to a second network resource;
  
  retrieve the second network resource; and
  
  store the retrieved second network resource in cache available to the first server.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The apparatus of claim 11, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to further perform operations comprising:
    - determine that the retrieved first network resource includes the at least the portion of the retrieved first network resource is to be validated against the set of one or more rules includes a determination whether a specific header that indicates validation is to be performed against the set of one or more rules is included in a response having the first network resource.
  - 13. The apparatus of claim 11, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to further perform operations comprising:
    - receive a request for the second network resource, wherein the request for the second network resource is received after the step of retrieving the second network resource;
      
      retrieve the second network resource from the cache available to the first server; and
      
      transmit the response to the client network application.
  - 14. The apparatus of claim 11, wherein the non-transitory machine-readable storage medium further provides instructions that, when executed by the processor of the first server, cause said processor to further perform operations comprising:
    - transmit the retrieved second network resource to the client network application regardless of whether the client network application requests the second network resource.
  - 15. The apparatus of claim 11, wherein prior to validation of whether at least the portion of the retrieved first network resource conforms to a set of one or more rules, perform a set of one or more transformations on HTML of the first network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CloudFlare Incorporated
Original Assignee
CloudFlare Incorporated
Inventors
Knecht, Dane Orion
Primary Examiner(s)
Serrao, Ranodhi

Application Number

US15/420,080
Time in Patent Office

407 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/645   using a third party

H04L 63/0245   Filtering by information in...

H04L 63/126   the source of the received ...

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

H04L 67/53   using third party service p...

H04L 67/568   Storing data temporarily at...

H04L 9/3247   involving digital signatures

Third party validation of web content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Third party validation of web content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links